Collaborate Disseminate
Since moving to an offensive security role, I have always wanted to use SSH port forwarding through a Cisco router during a Penetration Test. However, the SSH implementation on a Cisco device does not provide the ability to customize the sshd_config file permitting port forwarding. Although there is the possibility of leveraging network address translation…
The post Cisco Hackery: TcL Proxy appeared first on TrustedSec.
1.1 Prerequisites As discussed in the previous blog post, an Android emulator was set up for testing a mobile application. Some of the most common tools were configured to see the application’s environment details and start probing for potential flaws. If you followed my previous post, you should now have a lab set up with…
The post Android Hacking for Beginners appeared first on TrustedSec.
With the ever-increasing demand for mobile technology, it seems like there is an app to do just about anything you can think of, right on your cell phone. From banking to mobile gaming and even controlling the RGB lights installed in your home office, everything is interconnected now. With the rise of this functionality also…
The post Set Up an Android Hacking Lab for $0 appeared first on TrustedSec.
This past Christmas, I received a terrific gift from my in-laws: a replica Ghostbusters Proton Pack. I was thrilled. You see, growing up in the mid 80s, Ghostbusters was my jam. Fast forward 37 years and with the recent Ghostbusters: Afterlife film release, my nostalgia was hitting a fever pitch. Shortly after our Christmas dinner,…
The post Pwnton Pack: An Unlicensed 802.11 Particle Accelerator appeared first on TrustedSec.
Continue reading Pwnton Pack: An Unlicensed 802.11 Particle Accelerator
When investigating my laptop, I stumbled upon something interesting that resulted in privilege escalation. I use a Lenovo ThinkPad X1 Extreme Gen 1, which has an installed software named Glance, for my day-to-day work. The purpose of this software is to use the advanced web camera to figure out if you are speaking when the…
The post CVE-2022-24696 – Glance by Mirametrix Privilege Escalation appeared first on TrustedSec.
Continue reading CVE-2022-24696 – Glance by Mirametrix Privilege Escalation
Intro I was at my local Target recently and spotted the section near the video games, where there were some little collectable arcade systems and handhelds that play games like Pac-Man, Galaga, and Contra. Whenever I see these types of systems, I like to pick one up to tear it apart and see what’s inside….
The post Hacking the My Arcade Contra Pocket Player – Part I appeared first on TrustedSec.
Continue reading Hacking the My Arcade Contra Pocket Player – Part I
Hidden cameras, spy cameras, nanny cams—whatever you call them, you are under surveillance much more than you may realize. While outdoor perimeter cameras and doorbell cameras are commonplace and have been used for quite some time to monitor property, other nefarious hidden cameras are popping up all over the place. Generally, any camera placed inside…
The post They’re Watching You! Protecting Yourself From Hidden Cameras appeared first on TrustedSec.
Continue reading They’re Watching You! Protecting Yourself From Hidden Cameras
Today, we are releasing iHide, a new tool for bypassing jailbreak detection in iOS applications. You can install iHide by adding the repo https://repo.kc57.com in Cydia or clicking here on an iOS device with Cydia installed. Additionally, you can check out the code and build/install it yourself if you prefer. Once installed, iHide will add…
The post Introducing iHide – A New Jailbreak Detection Bypass Tool appeared first on TrustedSec.
Continue reading Introducing iHide – A New Jailbreak Detection Bypass Tool
I have had several occasions when I’ve been performing a pentest against an Android or iOS application, attempting to monitor the traffic with Burp Suite, only to realize that the application is not respecting my proxy settings. Now, if you have a rooted or jailbroken device, there are some ways you can force the application…
The post Introducing Proxy Helper – A New WiFi Pineapple Module appeared first on TrustedSec.
Continue reading Introducing Proxy Helper – A New WiFi Pineapple Module
Introduction Why can’t I pwn my friends anymore? It seems like all my Metasploit magic is getting caught—even my modified, secret-sauce payloads. DEP. ASLR. EDRs. Sandboxes. Whitelists. It’s no fun anymore! So, you thought you were a 1337 h4x0r? You thought you had mad ‘sploit-writing, shell-popping skillz? First, you learned Python (so easy), then C…
The post Intro to Macros and VBA for Script Kiddies appeared first on TrustedSec.